Lucene search
K
CisaMost viewed

4188 matches found

CISA
CISA
added 2014/12/22 12:0 a.m.19 views

oCERT Releases Advisory for Unpatched UnZip Vulnerability

The Open Source Computer Security Incident Response Team oCERT has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file. US-CER...

7AI score
Exploits0References1
CISA
CISA
added 2014/12/09 12:0 a.m.19 views

Microsoft Releases December 2014 Security Bulletin

Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information...

7.3AI score
Exploits0References1
CISA
CISA
added 2014/10/16 12:0 a.m.19 views

Google Releases Security Updates for Chrome and Chrome OS

Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, one of which could potentially allow an attacker to take control of the affected system. Updates available include: Chrome 38.0.2125.104 for Windows, Mac and Linux Chrome OS 38.0.2125.108 for all...

7AI score
Exploits0References2
CISA
CISA
added 2013/10/17 12:0 a.m.19 views

Google Releases Google Chrome 30.0.1599.101

Google has released Google Chrome 30.0.1599.101 for Windows, Mac, Linux and Chrome Frame operating systems to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition or trigger multiple conflicting uses of the same object. US-CE...

6.9AI score
Exploits0References1
CISA
CISA
added 2013/08/21 12:0 a.m.19 views

Google Releases Google Chrome 29.0.1547.57

Google has released Google Chrome 29.0.1547.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, conduct a directory traversal attack, or obtain sensitive information. US-CERT...

6.9AI score
Exploits0References1
CISA
CISA
added 2013/08/05 12:0 a.m.19 views

Cisco Releases Multiple Security Advisories

Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an attacker to take control of the affected system or allow an authenticated but unprivileged, remote attacker to execute arbitrary code on a vulnerable system and on devices managed ...

8.7AI score
Exploits0References3
CISA
CISA
added 2012/03/14 12:0 a.m.19 views

Cisco Releases Multiple Security Advisories

Cisco has released three security advisories to address vulnerabilities affecting the following products: Cisco ASA 5500 Series Adaptive Security Appliances ASA Cisco Catalyst 6500 Series ASA Service Module ASASM Cisco Catalyst 6500 Series Firewall Service Module FWSM Cisco Adaptive Security...

9.3CVSS7.1AI score0.06181EPSS
Exploits0References4
CISA
CISA
added 2012/02/29 12:0 a.m.19 views

Cisco Releases Multiple Security Advisories

Cisco has released six security advisories to address vulnerabilities affecting the following products: Cius Wifi devices running Cius Software Version 9.21 SR1 and prior Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x Cisco Business Edition 3000, 5000, and 6000 Cisco Uni...

7.7AI score
Exploits0References6
CISA
CISA
added 2011/12/20 12:0 a.m.19 views

USAA Phishing Scam and Malware Campaign

US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association USAA members. These messages contain the subject line "Deposit Posted" and contain a randomly generated four-digit number placed in the USAA security zone...

6.5AI score
Exploits0References3
CISA
CISA
added 2010/07/16 12:0 a.m.19 views

Microsoft Windows .LNK Vulnerability

US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for .LNK files. Microsoft uses .LNK files, commonly referred to as "shortcuts," as references to files or applications. By convincing a user to...

7.3AI score
Exploits0References7
CISA
CISA
added 2010/03/31 12:0 a.m.19 views

Oracle Releases Critical Patch Update for Java SE and Java for Business

Oracle has released a critical patch update to address 27 vulnerabilities in Java SE and Java for Business. These vulnerabilities are in the following components: ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Pack200, Sound, JSSE, and HotSpot Server. US-CERT encourages users and...

6.7AI score
Exploits0References2
CISA
CISA
added 2010/02/24 12:0 a.m.19 views

Adobe Releases a Security Update for Download Manager

Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software. US-CERT encourages users and administrators to review security bulletin APSB10-08 and review the steps to...

6.6AI score
Exploits0References2
CISA
CISA
added 2026/06/02 12:0 p.m.18 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-0492link is external Linux Kernel Improper Authentication Vulnerability CVE-2025-48595link is external Android Framework Integer Overflow Vulnerability The...

8.4CVSS7AI score0.05528EPSS
Exploits13References7
CISA
CISA
added 2026/02/10 12:0 p.m.18 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-21510link is external Microsoft Windows Shell Protection Mechanism Failure Vulnerability CVE-2026-21513link is external Microsoft MSHTML Framework Security...

8.8CVSS5.5AI score0.25835EPSS
Exploits8References11
CISA
CISA
added 2025/08/07 12:0 p.m.18 views

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems ICS advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80 and FX90...

6.8AI score
Exploits0References10
CISA
CISA
added 2025/01/24 12:0 p.m.18 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-23006link is external SonicWall SMA1000 Appliances Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...

9.8CVSS9.8AI score0.23432EPSS
Exploits1References6
CISA
CISA
added 2024/09/13 12:0 p.m.18 views

Ivanti Releases Security Update for Cloud Services Appliance

Ivanti has released a security update addressing an OS command injection vulnerability CVE-2024-8190 affecting Ivanti Cloud Services Appliance CSA 4.6 all versions before patch 519. A cyber threat actor could exploit this vulnerability to take control of an affected system. At this time, Ivanti h...

7.2CVSS8.3AI score0.88955EPSS
Exploits2References4
CISA
CISA
added 2024/07/23 12:0 p.m.18 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability These types of vulnerabilities a...

9.3CVSS7.1AI score0.78823EPSS
Exploits12References7
CISA
CISA
added 2024/07/09 12:0 p.m.18 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability CVE-2024-38080 Microsoft Windows Hyper-V...

9.8CVSS7.2AI score0.99485EPSS
Exploits20References8
CISA
CISA
added 2024/05/14 12:0 p.m.18 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30051 Microsoft DWM Core Library Privilege Escalation Vulnerability CVE-2024-30040 Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability Thes...

8.8CVSS7AI score0.05687EPSS
Exploits2References7
CISA
CISA
added 2024/01/23 12:0 p.m.18 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23222 Apple Multiple Products Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

8.8CVSS7.1AI score0.10593EPSS
Exploits6References6
CISA
CISA
added 2024/01/18 12:0 p.m.18 views

Atlassian Releases Security Updates for Multiple Products

Atlassian released a security advisory to address a vulnerability CVE-2023-22527 in out-of-date versions of Confluence Data Center and Server as well as its January 2024 security bulletin to address vulnerabilities in multiple products. A malicious cyber actor could exploit one of these...

10CVSS10AI score0.99984EPSS
Exploits32References2
CISA
CISA
added 2024/01/11 12:0 p.m.18 views

Cisco Releases Security Advisory for Cisco Unity Connection

Cisco released a security advisory to address a vulnerability CVE-2024-20272 in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated...

9.8CVSS7.1AI score0.01604EPSS
Exploits0References1
CISA
CISA
added 2024/01/10 12:0 p.m.18 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21887 Ivanti Connect Secure and Policy Secure Command Injection Vulnerability CVE-2023-46805 Ivanti Connect Secure and Policy Secure Authentication Bypass...

9.1CVSS10AI score0.99999EPSS
Exploits23References9
CISA
CISA
added 2023/10/16 12:0 p.m.18 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20198 Cisco IOS XE Web UI Privilege Escalation Vulnerabilitylink is external These types of vulnerabilities are frequent attack vectors for malicious cyber actor...

10CVSS9.8AI score0.99571EPSS
Exploits26References6
CISA
CISA
added 2023/09/11 12:0 p.m.18 views

CISA Adds Two Known Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41064 Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow CVE-2023-41061 Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability These types of...

7.8CVSS7.3AI score0.15263EPSS
Exploits2References7
CISA
CISA
added 2023/01/25 12:0 a.m.18 views

VMware Releases Security Updates for VMware vRealize Log Insight

VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply th...

2.5AI score
Exploits0References1
CISA
CISA
added 2023/01/04 12:0 a.m.18 views

Fortinet Releases Security Updates for FortiADC

Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.” CISA encourages users and administrators to review Fortinet...

2.6AI score
Exploits0References1
CISA
CISA
added 2022/11/01 12:0 a.m.18 views

CISA Upgrades to TLP 2.0

Today, CISA officially upgraded to Traffic Light Protocol TLP 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2....

6.9AI score
Exploits0References7
CISA
CISA
added 2022/08/24 12:0 a.m.18 views

Preparing Critical Infrastructure for Post-Quantum Cryptography

CISA has released CISA Insights: Preparing Critical Infrastructure for Post-Quantum Cryptography, which outlines the actions that critical infrastructure stakeholders should take now to prepare for their future migration to the post-quantum cryptographic standard that the National Institute of...

2.4AI score
Exploits0References1
CISA
CISA
added 2022/07/19 12:0 a.m.18 views

CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker

CISA has released an Industrial Controls Systems Advisory ICSA detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control the global positioning...

1.1AI score
Exploits0References2
CISA
CISA
added 2022/06/28 12:0 a.m.18 views

2022 CWE Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration CWE Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most...

0.9AI score
Exploits0References4
CISA
CISA
added 2022/06/14 12:0 a.m.18 views

SAP Releases June 2022 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review SAP Security Patch Day – June 2022 and apply the necessary...

2AI score
Exploits0References1
CISA
CISA
added 2022/06/03 12:0 a.m.18 views

CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X

CISA has released an Industrial Controls Systems Advisory ICSA detailing vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot. Exploitation of these vulnerabilities would requir...

1.4AI score
Exploits0References1
CISA
CISA
added 2022/04/07 12:0 a.m.18 views

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory Advisories VMSA-2022-0011 and...

2.4AI score
Exploits0References2
CISA
CISA
added 2022/03/24 12:0 a.m.18 views

VMware Releases Security Updates

VMware has released security updates to address multiple vulnerabilities in VMware Carbon Black App Control software. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...

2.9AI score
Exploits0References1
CISA
CISA
added 2022/03/08 12:0 a.m.18 views

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 98 and Firefox...

7.2AI score
Exploits0References2
CISA
CISA
added 2022/02/24 12:0 a.m.18 views

Iranian Government-Sponsored MuddyWater Actors Conducting Malicious Cyber Operations

CISA, the Federal Bureau of Investigation FBI, U.S. Cyber Command Cyber National Mission Force CNMF, the United Kingdom’s National Cyber Security Centre NCSC-UK, and the National Security Agency NSA have issued a joint Cybersecurity Advisory CSA detailing malicious cyber operations by Iranian...

6.5AI score
Exploits0References3
CISA
CISA
added 2021/11/04 12:0 a.m.18 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

7AI score
Exploits0References5
CISA
CISA
added 2021/08/02 12:0 a.m.18 views

CISA and NSA Release Kubernetes Hardening Guidance

The National Security Agency NSA and CISA have released Kubernetes Hardening Guidance, a cybersecurity technical report detailing the complexities of securely managing Kubernetes—an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized...

0.5AI score
Exploits0References1
CISA
CISA
added 2021/07/30 12:0 a.m.18 views

NSA Releases Guidance on Securing Wireless Devices While in Public

The National Security Agency NSA has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet provides information on...

6.7AI score
Exploits0References2
CISA
CISA
added 2021/07/01 12:0 a.m.18 views

NSA-CISA-NCSC-FBI Joint Cybersecurity Advisory on Russian GRU Brute Force Campaign

The National Security Agency NSA, Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, and the UK’s National Cyber Security Centre NCSC have released Joint Cybersecurity Advisory CSA: Russian GRU Conducting Global Brute Force Campaign to Compromise Enterpris...

7.9AI score
Exploits0References2
CISA
CISA
added 2021/06/08 12:0 a.m.18 views

Microsoft Releases June 2021 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2021 Security Update Summary and...

7.2AI score
Exploits0References2
CISA
CISA
added 2021/05/11 12:0 a.m.18 views

Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware

CISA and the Federal Bureau of Investigation FBI have released a Joint Cybersecurity Advisory CSA on a ransomware-as-a-service RaaS variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure CI company. Cybercriminal groups use DarkSide to gain access t...

6.9AI score
Exploits0References10
CISA
CISA
added 2021/04/21 12:0 a.m.18 views

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...

6.9AI score
Exploits0References1
CISA
CISA
added 2021/03/16 12:0 a.m.18 views

Microsoft Releases Exchange On-premises Mitigation Tool

Microsoft has released the Exchange On-premises Mitigation Tool EOMT.ps1 that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: "the tool is intended to help customers who do not have dedicated security or IT teams to apply...

6.8AI score
Exploits0References5
CISA
CISA
added 2021/02/17 12:0 a.m.18 views

Google Releases Security Updates for Chrome

Google has released Chrome version 88.0.4324.182 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...

7AI score
Exploits0References1
CISA
CISA
added 2021/01/26 12:0 a.m.18 views

FTC Reports Scammers Impersonating FTC

The Federal Trade Commission FTC has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing their financial information. The real FTC does not require...

6.7AI score
Exploits0References3
CISA
CISA
added 2020/12/13 12:0 a.m.18 views

Active Exploitation of SolarWinds Software

The Cybersecurity and Infrastructure Security Agency CISA is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020. CISA encourages affected organizations to read the SolarWinds and FireEye advisori...

6.7AI score
Exploits0References3
CISA
CISA
added 2020/11/10 12:0 a.m.18 views

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review th...

6.8AI score
Exploits0References1
Total number of security vulnerabilities4188